Tuesday, October 27, 2015

Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability

A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations.

The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by sending an HTTP request to a specific URL.

Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

This advisory is available at the following link: http://ift.tt/1Mr1kXP

from Cisco Security Advisory http://ift.tt/1Mr1kXP

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.